[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Odd log code

Subject: Re: [cobalt-users] Odd log code
From: "Marc Gear" <marcg@xxxxxxxxxxxxxx>
Date: Sat Apr 7 02:32:02 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> ns.mydomain.com 207.175.129.160 - - [07/Apr/2001:06:50:01 -0400] "GET
>
/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/wi
> nnt/system32/cmd.exe?/c%20dir HTTP/1.0" 302 308 "-" "-"

looks to me like someone is trying to retrieve the winnt cmd.exe from your
RH based machine via http and its not working (supprisingly). All the
'%c0%af..%' stuff is reminiscant of the ././././././ exploit for pro-ftp
that was out some time ago - although this is a get via http and not ftp

At a guess this is some kind of IIS4/5 exploit that wont work on apache, but
that is only a guess.Probably nothing to worry about really.

--
/\/\ a R (

References:
- [cobalt-users] Odd log code
  - From: Rodrigo Velasco

Prev by Date: RE: [cobalt-users] Re: PHP4 and mySQL on Raq2
Next by Date: RE: [cobalt-users] Raq4 / Which mode to transfer packages with
Previous by thread: RE: [cobalt-users] Odd log code
Next by thread: Re: [cobalt-users] Odd log code

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index